Fijxu/go-away
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages 1 Wiki Activity Actions

[Invidious] "Oh no! Forbidden" sometimes when loading an old tab that previously passed #2

New issue
Open
opened 2025-12-23 12:39:40 -03:00 by throwaway421 · 0 comments
throwaway421 commented 2025-12-23 12:39:40 -03:00
Copy link

I've encountered this when viewing videos through your Invidious instance. I don't know if you use go-away on any other services or whether it can also happen for those.

After loading a video page and passing the go-away challenge, a bunch of stuff is left in the URL query. Then, later, if I've left the tab open for a while, when the tab reloads I'll be challenged again but will fail. However, if I immediately remove the extra stuff and try to access the normal URL again, it'll pass. So, this doesn't prevent accessing the service, it's just annoying.

I couldn't tell you whether the issue is in how go-away handles things when old info is present in the URL, or if it's the fact that old info is left in the URL after passing in the first place.

Example:
URL after previously passing, which had old go-away info:
https://inv.nadeko.net/watch?__goaway_challenge=js-refresh&__goaway_id=c598b4925a1d88b6f1998133e9a08ce9&__goaway_referer=https%3A%2F%2Finv.nadeko.net%2F&v=LL_Lh9iKIpE

Message after reloading and failing:

Error: access denied: denied by administrative rule f054d3d7f57a54f26d877eb717cdeeab/81a4d3ff51d16981b7d8

If you have any issues contact the site administrator and provide the following Request ID along with your browser details, specially like the User-Agent: f054d3d7f57a54f26d877eb717cdeeab

Protected by go-away :: Request Id f054d3d7f57a54f26d877eb717cdeeab

No messages in the browser console.

Request headers and user-agent for a failed request:

:authority: inv.nadeko.net
:method: GET
:path: /watch?__goaway_challenge=js-refresh&__goaway_id=c598b4925a1d88b6f1998133e9a08ce9&__goaway_referer=https%3A%2F%2Finv.nadeko.net%2F&v=LL_Lh9iKIpE
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: max-age=0
cookie: PREFS=%7B%22annotations%22%3Afalse%2C%22annotations_subscribed%22%3Afalse%2C%22preload%22%3Atrue%2C%22autoplay%22%3Afalse%2C%22automatic_instance_redirect%22%3Afalse%2C%22captions%22%3A%5B%22%22%2C%22%22%2C%22%22%5D%2C%22comments%22%3A%5B%22youtube%22%2C%22%22%5D%2C%22continue%22%3Afalse%2C%22continue_autoplay%22%3Atrue%2C%22dark_mode%22%3A%22auto%22%2C%22latest_only%22%3Afalse%2C%22listen%22%3Afalse%2C%22local%22%3Afalse%2C%22watch_history%22%3Afalse%2C%22vr_mode%22%3Atrue%2C%22show_nick%22%3Afalse%2C%22locale%22%3A%22en-US%22%2C%22region%22%3A%22US%22%2C%22max_results%22%3A40%2C%22notifications_only%22%3Afalse%2C%22player_style%22%3A%22invidious%22%2C%22quality%22%3A%22dash%22%2C%22quality_dash%22%3A%22auto%22%2C%22default_home%22%3A%22Popular%22%2C%22feed_menu%22%3A%5B%22Popular%22%2C%22Trending%22%5D%2C%22related_videos%22%3Atrue%2C%22sort%22%3A%22published%22%2C%22speed%22%3A1%2C%22thin_mode%22%3Afalse%2C%22unseen_only%22%3Afalse%2C%22video_loop%22%3Afalse%2C%22extend_desc%22%3Afalse%2C%22volume%22%3A90%2C%22save_player_pos%22%3Atrue%2C%22hidden_channels%22%3A%5B%5D%2C%22default_trending_type%22%3A%22default%22%7D; COMPANION_IDD=4; .go-away-539f0bf7523a-state=eyJhbGciOiJkaXIiLCJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiemlwIjoiREVGIn0..0sfxEvUfRyQgt4tu.reUC0U8taZgfgcD5n9MdZFXbN0rfMRTtmkpn62Q3sH1UH00vf4SlDSukt3OZm_NrPOEKnhUTIg1M6k5GObZTHQfhS3dT_Hl5sCw-5OkhrvYq6LcOxI-nW5sTmz-TUx0WOe3fhztN4Hre0SLIH7LNpHJjOZw6TNOat0pYA-RVw8DWPDcfIElOBAdsiC_83pDhlmh2rPN-K_FwHgFicoXsgwSZd1boI0dqEMtVNz6JoSxe54jT4MdstdFY1pqzttkZSDk9Y_fFStE8kEkt9Cg8Tn2xb2P17nVhRX69eyjRWnP0L216Q4P7LqIotaaDW-4QR8ABOdmlrIZTqYnRSUJGS_uIBLNROUK0Q2MgKaZRYz5V4rOLOYaubkbsZjDbYYPnNASKBdcKOBh-QEVWU5IdEtWYkVhBLYfFhkw7vDGoa0IxokZusv1OLQv-y1-r2r9t7MDcZigkWLPdQVP2kF-RMFhurwOTUdB2gpx8a0ohFapkCvu07GeIDHRudXubayiNboA5nn96-0X8x5A8nJtW0AuT.05fj5s1_dypEKxFmpoOpgw
referer: https://inv.nadeko.net/
sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36

Editing the URL back to https://inv.nadeko.net/watch?v=LL_Lh9iKIpE and loading it then successfully passed the go-away challenge.

I've encountered this when viewing videos through your Invidious instance. I don't know if you use go-away on any other services or whether it can also happen for those. After loading a video page and passing the go-away challenge, a bunch of stuff is left in the URL query. Then, later, if I've left the tab open for a while, when the tab reloads I'll be challenged again but will fail. However, if I immediately remove the extra stuff and try to access the normal URL again, it'll pass. So, this doesn't prevent accessing the service, it's just annoying. I couldn't tell you whether the issue is in how go-away handles things when old info is present in the URL, or if it's the fact that old info is left in the URL after passing in the first place. Example: URL after previously passing, which had old go-away info: `https://inv.nadeko.net/watch?__goaway_challenge=js-refresh&__goaway_id=c598b4925a1d88b6f1998133e9a08ce9&__goaway_referer=https%3A%2F%2Finv.nadeko.net%2F&v=LL_Lh9iKIpE` Message after reloading and failing: ``` Error: access denied: denied by administrative rule f054d3d7f57a54f26d877eb717cdeeab/81a4d3ff51d16981b7d8 If you have any issues contact the site administrator and provide the following Request ID along with your browser details, specially like the User-Agent: f054d3d7f57a54f26d877eb717cdeeab Protected by go-away :: Request Id f054d3d7f57a54f26d877eb717cdeeab ``` No messages in the browser console. Request headers and user-agent for a failed request: ``` :authority: inv.nadeko.net :method: GET :path: /watch?__goaway_challenge=js-refresh&__goaway_id=c598b4925a1d88b6f1998133e9a08ce9&__goaway_referer=https%3A%2F%2Finv.nadeko.net%2F&v=LL_Lh9iKIpE :scheme: https accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 cache-control: max-age=0 cookie: PREFS=%7B%22annotations%22%3Afalse%2C%22annotations_subscribed%22%3Afalse%2C%22preload%22%3Atrue%2C%22autoplay%22%3Afalse%2C%22automatic_instance_redirect%22%3Afalse%2C%22captions%22%3A%5B%22%22%2C%22%22%2C%22%22%5D%2C%22comments%22%3A%5B%22youtube%22%2C%22%22%5D%2C%22continue%22%3Afalse%2C%22continue_autoplay%22%3Atrue%2C%22dark_mode%22%3A%22auto%22%2C%22latest_only%22%3Afalse%2C%22listen%22%3Afalse%2C%22local%22%3Afalse%2C%22watch_history%22%3Afalse%2C%22vr_mode%22%3Atrue%2C%22show_nick%22%3Afalse%2C%22locale%22%3A%22en-US%22%2C%22region%22%3A%22US%22%2C%22max_results%22%3A40%2C%22notifications_only%22%3Afalse%2C%22player_style%22%3A%22invidious%22%2C%22quality%22%3A%22dash%22%2C%22quality_dash%22%3A%22auto%22%2C%22default_home%22%3A%22Popular%22%2C%22feed_menu%22%3A%5B%22Popular%22%2C%22Trending%22%5D%2C%22related_videos%22%3Atrue%2C%22sort%22%3A%22published%22%2C%22speed%22%3A1%2C%22thin_mode%22%3Afalse%2C%22unseen_only%22%3Afalse%2C%22video_loop%22%3Afalse%2C%22extend_desc%22%3Afalse%2C%22volume%22%3A90%2C%22save_player_pos%22%3Atrue%2C%22hidden_channels%22%3A%5B%5D%2C%22default_trending_type%22%3A%22default%22%7D; COMPANION_IDD=4; .go-away-539f0bf7523a-state=eyJhbGciOiJkaXIiLCJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiemlwIjoiREVGIn0..0sfxEvUfRyQgt4tu.reUC0U8taZgfgcD5n9MdZFXbN0rfMRTtmkpn62Q3sH1UH00vf4SlDSukt3OZm_NrPOEKnhUTIg1M6k5GObZTHQfhS3dT_Hl5sCw-5OkhrvYq6LcOxI-nW5sTmz-TUx0WOe3fhztN4Hre0SLIH7LNpHJjOZw6TNOat0pYA-RVw8DWPDcfIElOBAdsiC_83pDhlmh2rPN-K_FwHgFicoXsgwSZd1boI0dqEMtVNz6JoSxe54jT4MdstdFY1pqzttkZSDk9Y_fFStE8kEkt9Cg8Tn2xb2P17nVhRX69eyjRWnP0L216Q4P7LqIotaaDW-4QR8ABOdmlrIZTqYnRSUJGS_uIBLNROUK0Q2MgKaZRYz5V4rOLOYaubkbsZjDbYYPnNASKBdcKOBh-QEVWU5IdEtWYkVhBLYfFhkw7vDGoa0IxokZusv1OLQv-y1-r2r9t7MDcZigkWLPdQVP2kF-RMFhurwOTUdB2gpx8a0ohFapkCvu07GeIDHRudXubayiNboA5nn96-0X8x5A8nJtW0AuT.05fj5s1_dypEKxFmpoOpgw referer: https://inv.nadeko.net/ sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: same-origin sec-fetch-user: ?1 upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 ``` Editing the URL back to `https://inv.nadeko.net/watch?v=LL_Lh9iKIpE` and loading it then successfully passed the go-away challenge.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
tls-entries-reload
go1.22
nix
tests
v0.7.0
v0.6.0
v0.5.2
v0.5.1
v0.5.0
v0.4.1
v0.4.0
v0.3.0
v0.2.0
v0.1.1
v0.1.0
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Fijxu/go-away#2
No description provided.